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- The MAILING DATE of this communication appears on the cov r sheet with the correspondence address 
P riod for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )□ Responsive to communication(s) filed on . 

2a)D This action is FINAL. 2b)£3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 
Disposition of Claims 

4) E3 Claim(s) 1-30 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) Q Claim(s) is/are allowed. 

6) IEI Claim(s) 1-30 is/are rejected. 

7) n Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

11) D The proposed drawing correction filed on is: a)D approved b)Q disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) D The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§ 119 and 120 

13) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 

a)QAII b)Q Some*c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 1 19(e) (to a provisional application). 

a) D The translation of the foreign language provisional application has been received. 

15) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121. 
Attach me nt(s) 

1 ) £3 Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-41 3) Paper No(s). . 

2) O Notice of Draftsperson's Patent Drawing Review (PTO-948) 5) d Notice of Informal Patent Application (PTO-1 52) 

3) □ Information Disclosure Statement(s) (PTO-1 449) Paper No(s) . 6) □ Other: 
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DETAILED ACTION 

Claims 1-30 were pending for examination. 
Claims 1-30 are rejected. 

Claim Rejections - 35 USC §102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

Claims 1-6 are rejected under 35 U.S.C. 102a) as being anticipated by Gullman et al., US 
Pat. No. 5280,527 issued Jan 1994. 

Gallman teaches a biometric security mechanism which generates a security token which 
a user inputs to an access device. Gullman' s security token is formed from biometric information 
(i.e. biometric-based data instance), a fixed code and, a time varying code, see col. 3,lines 37-55. 
Gullman's fixed code includes a PIN (i.e. knowledge-based data instance), embedded serial 
number, account number (i.e. possession-based data instance), see col. 2, lines 48-65. 

Gullman further teaches that the security apparatus receives the biometric input, and then 
compares the biometric input to a stored template to derive a correlation factor. The correlation 
factor is combined with the fixed code to generate a security token (i.e. an authentication code). 

Gullman further teaches that the security token is displayed on a display panel of the 
security apparatus where it is entered at an access code or is directly transmitted to a host system 
which decodes the token to identify the embedded fixed code and correlation factor, see col. 4, 
lines 3-22. 
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Gullman teaches that the host system determines whether to grant to user the access to 
the host system. This determination is based on a comparison made on a transmittable code 
which includes the above described authentication code, see col. 7, lines 1-33. 

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 7-30 are rejected under 35 U.S.C. 103 (a) as being unpatentable over Gullman 
and further in view of Gennaro et al, US Pat. No. 6,317,834 filed Jan. 1999. 

As per claims 7,9, 10 and 12-14, 25-26, Gullman teaches that the processor of the 
security apparatus may include a standard encryption module which applies an encryption 
algorithm to the time of day from real time clock, the fixed code (which includes PIN, serial 
number and account number) and a biometric correlation factor, generating an encrypted security 
token (that is, an encrypted authentication code). Gullman further teaches that the host system 
also includes a decryption module, capable of decrypting the encrypted code generated by the 
encryption module of biometric security apparatus, but fails to specifically disclose " generating 
a key based on a first data instance of the plurality of factor-based data instances" and "applying 
the key to at least one modified data instance to generate a recovered data instance" and " 
interrogating the recovered data instance against the second data instance to generate an 
authentication value". 
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However, Gennaro teaches a method of performing biometric authentication of a person's 
identity including a biometric template prior to storing it in a biometric database, see abstract. 

Gennaro' s method further provides means for verifying the identity of an individual to 
authorize access to a general database comprising the steps of: 

Acquiring a current biometric sample (i.e. a biometric-based data instance), acquiring a 
current personal identifier (i.e. a knowledge based data instance); acquiring decryption key 
generation data (i.e. a plurality of factor -based data instances); comparing the personal 
identifier with the database, and on a match with a personal identifier in the database; creating a 
decryption key from decryption key generation data; performing a decryption operation on the 
retrieved biometric (i.e. recovered biometric) record utilizing the decryption key to decrypt 
encrypted biometric model from the retrieved record. Comparing the decrypted biometric model 
with the current biometric sample to verify the individual as authorized to access the general 
database, see col. 2, line 6-21. see also Fig. 5 and 6. 

Gennaro further teaches that a first encryption key is created from the user's password' 
(i.e. one of factor of plurality of factor-base data instances) and is used to encrypt the biometric 
model. That is, a modified data instance is created based on a second data instance of a plurality 
of factor based data instances. 

It would have been obvious to one ordinary skill in the art to modify Gullman's 
biometric security apparatus to employ Gennaro' s method of authentication with encrypted 
models to store biometric information in a secure manner so as to prevent the occurrence of theft 
and attacks from unauthorized personnel, see also 1, lines 40-55. 
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As per claim 11, Gullman's encrypted security token includes an embedded serial 
number (i.e. a possession-based data instance), see col 2, line 55-56. 

As per claim 8, in another embodiment, Gennaro further teaches a key derived from a 
randomly chosen subset of answers obtained as a result of conducting a challenge 
question/answer session with the individual. Then, biometric template and the full set of answers 
are combined and encrypted. That is, the biometric record is comprised of the personal identifier 
and challenge list in plaintext, along with the encrypted answers (i.e. another authentication 
value) and biometric model (i.e. a first authentication value), see col. 9, lines 31-46, see also Fig. 
7a. 

As per claims 15 - 18 and 20-24, 27-30, Gullman teaches that the security apparatus 
initially is configured in an enroll mode where biometric samples or templates (i.e. first 
biometric data instance) are obtained. Gullman further teaches that the access device transmits a 
derived token (i.e. a second modified version of biometric data instance) to the host system, 
which decrypts or decodes the token to derive the fixed code and a correlation factor. If the fixed 
code identifies a valid user and the correlation factor is above the threshold level, then access is 
permitted, if not, then access is denied, see col. 6, lines 30-45. 

Gullman fails to teach a modified version of first and second biometric data instance 
where the second modified version is a hash of second biometric-based data instance. However, 
use of hash function and message digest using a one directional hash function is well known in 
the art of cryptography, this is taken as official notice. It would have been obvious to one 
ordinary skill in the art to hash the biometric templates or samples of Gullman at enrollment for 
security and space requirement. 



* * 
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Conclusion 

Any inquiry concerning this communication or earlier communications from examiner 
should be directed to Taghi Arani, whose telephone number is (703) 305-4274. The examiner 
can normally be reached Monday through Friday from 7:30 AM to 5:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh, can be reached at (703) 305-9648. The Fax numbers for the 
organization where this application is assigned are: 
After-final (703) 746-7238 
Official (703) 746-7239 
Non-Official/Draft (703) 746-7240 
Taghi Arani 
Patent Examiner 

June 28, 2003 SUPERVISORY PATENT EXAMINER 

TECHNOLOGY CENTER 2100 




